CQURE

Penetration Tests

The goal of every project is to perform a security assessment to help the organization understand their current security posture and identify potential weaknesses.

The scope of work involves doing a complete assessment of the information security posture of Customer’s network covering, but not limited to the scope that Client asked for. The assessment approach should start as a Blackbox and move to grey and white box depending on the progress of the vendor and vulnerabilities that can be exploited. Project scope also includes the configuration review for the chosen amount of routers.

Phase 1: Reconnaissance

The black hat uses a variety of sources to learn as much as possible about the target business and how it operates, including:

  • Domain name management/search services;
  • Non-intrusive network scanning;
  • Services recognition;
  • Creating the network map;
  • Used software recognition.

The activities in this phase are not easy to defend against. Information about an organization finds its way to the Internet via various routes. Employees are often easily tricked into providing tidbits of information, which, over time, act to complete a complete picture of processes, organizational structure, and potential soft spots.

Phase 2: Scanning

The objective of this test is to ascertain the possibility for anyone who is part of a trusted source to get into the network through and to determine how far he or she can get in if they gained access. A detailed security analysis to be carried out, on the servers and network assets that are accessible through the trusted source, in order to verify the security that are in place (methodology, tools, detailed testing steps, and sample findings reports will be presented to the Customer). Testing will begin without initial privileges but to review the configuration during the project, the appropriate privileges are required; we expect that Customer will provide such privileges in 30% of the internal and external penetration testing project phase.

Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning perimeter and internal network devices looking for weaknesses, including:

  • Open ports;
  • Open services;
  • Vulnerable applications, including operating systems;
  • Weak protection of data in transit;
  • Make and model of each piece of LAN/WAN equipment.

 

Scans of perimeter and internal devices can often be detected with intrusion detection (IDS) or prevention (IPS) solutions, but not always. Scanning takes place both for Internal and External environments.

Phase 3: Gaining Access

The objective of External Penetration Test is to ascertain the possibility for anyone from outside to get into the network through Internet and to determine how far they can get in if they gained access.

The objective of Internal Penetration Test is to ascertain the possibility for anyone who is part of a trusted source (part of the government network/internal network) to get into the network through and to determine how far he or she can get in if they gained access.

The following steps are performed:

  1. Initial tests and main penetration test plan creation
  2. Detailed penetration test of requested components (edge routers, IDS/IPS, firewall, website, related servers and services).
  3. Vulnerability testing:
    1. Conducting attacks
    2. Monitoring components’ reaction
    3. Detect and filter file transfer content to external sites or internal devices
    4. Prevent/detect direct session initiation between servers in your data center and networks/systems not under your control
    5. Look for connections to odd ports or nonstandard protocols
    6. Detect sessions of unusual duration, frequency, or amount of content

Detect anomalous network or server behavior, including traffic mix per time interval.

Phase 4: Writing documentation

As a result of the project the set of documents will be created. These documents should be accepted by Requestor and will include:

Executive System Security Report being a high level overview for Management. This report will include recommendations about further development of the System.

Technical System Security Report being a database of vulnerabilities detected, their interpretation and proposed countermeasures. Technical report will include lists of audited systems, vulnerabilities detected, data gathered during project and a proposal of technical solutions that can be used during securing and further development of the System.